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REMARKS 

In view of the following discussion, the Applicants submit that none of the claims 
now pending in the application are unpatentable or obvious under the provisions 35 
U.S.C. §§ 102 and 103. Thus, the Applicants believe that all of these claims are now in 
allowable form. 

I- REJECTION OF CLAIMS 1-8, 13-17, AND 23^0 UNDER 35 U.S.C, S 102 

The Examiner rejected claims 1-8, 13-17, and 23-30 as being anticipated by the 
Gong et al. patent (U.S. Patent No. 7,076,801, issued July 11, 2006. hereinafter 
referred to as ''Gong"). In response, the Applicants have amended independent claims 
1 and 23, from which claims 2-8, 13-17, and 24-29 depend, as well as independent 
claim 30, in order to more clearly recite aspects of the invention. 

In particular, the Examiner's attention Is respectfully directed to the fact that 
Gong does not disclose or suggest incrementing a counter associated with a sender to 
account for a security assault, notifying a human operator if a value of the counter 
exceeds a maximum limit, and automatically creating a new server instance with a new 
server configuration if the value of the counter does not exceed the maximum limit, 
wherein the new server configuration is selected from a table comprising a plurality of 
new server configurations, where the new server configuration is associated in the table 
with the value of the counter , as recited In amended independent claims 1 , 23 and 30. 

By contrast, Gong teaches a method in which new configurations for a network 
are generated based on "tolerance objectives and any cost or perfonnance impact" 
(Gong, column 7, lines 33-37). Gong does not teach that potential new server 
configurations pre-exist (e.gr., in a table), or that a new server configuration is chosen 
from among the pre-existing potential new server configurations based on the value of a 
counter that tracks a number of times a server has been assaulted . l\/loreover, Gong 
teaches that a new network configuratton is automaticallv generated by an adaptive 
reconfigurer, /.e., without anv reporting to human administrators or operators under any 
circumstances. 

Specifically, independent claims 1, 23 and 30, as amended, recite: 
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1. A method for automated adaptive reprovisioning of servers under security 
assault, the method comprising: 

detecting a security assault or a possible security assault on a first server; 
incrementing a counter associated with the first server to account for the 
security assault or possible security assault; 

notifying a human operator if a value of said counter exceeds a maximum 

limit; 
and 

reprovisioning by automatically creating a new server instance with a new 
server configuration to perform at least one of the tasks perfonned by said first 
server, if said value of said counter does not exceed the maximum limit, wherein 
said new server configuration for said new server instance is selected from a 
table comprising a plurality of new server configurations, said new server 
configuration being associated in said table with said value of said counter 
(Emphasis added) 

23. A computer-readable medium having stored thereon a plurality of 
instructions for automated adaptive reprovisioning of servers under security 
assault, said plurality of instructions including instructions which, when executed 
by a processor, cause said processor to perform: 

detecting a security assault or a possible security assault on a first server; 

incrementing a counter associated with the first server to account for the 
security assault or possible security assault; 

notifying a human operator if a value of said counter exceeds a maximum 

limit; 
and 

reprovisioning by automatically creating a new server instance with a new 
server configuration to perfomi at least one of the tasks performed by said first 
server, if said value of said counter does not exceed the maximum limit, wherein 
said new server configuration for saki new server instance is selected from a 
table comprising a plurality of new server configurations, said new server 
configuration being associated in said table with said value of said counter 
(Emphasis added) 



30. A system for automated adaptive reprovisioning of servers under security 
assault, the system comprising: 
a first server; 

a counter associated with said first server for tracking a number of times 
that said first server has come under security assault : 

a security monitor, coupled to said first server, for detecting rf said first 
server is a candidate for automatic reprovisioning with a new server instance 
having a new server configuration; and 
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a table for storing a plurality of new server configurations, where each of 
said plurality of new server configurations corresponds to a potential value of 
said counter : and 

a provisloner, coupled to said first server, for automatically reprovisioning 
said first server with said new server instance if said first server is such a 
candidate, wherein said new server configuration for said new server instance is 
selected from the plurality of new server configurations based on a cunrent value 
of said counter . (Emphasis added) 

Applicants' invention is directed to a method and apparatus for adaptive server 
reprovisioning under security assault. When an assault on a server is detected, the 
server may be reconfigured in accordance with one of a number of potential new 
configurations designed to improve the server's resistance to subsequent assaults. 
These potential new configurations are stored in a table. Embodiments of the invention 
track (via a counter) a number of times that the server has been assaulted and use this 
number as an index into the table of potential new configurations, where at least one of 
the potential new configurations will correspond, according to the table, to the number of 
times that the given server has been assaulted. If the number of times that the server 
has been assaulted exceeds a predefined maximum number, a human operator is 
notified instead. In this way, a new configuration for the server can be selected 
automatically in a manner that minimizes server downtime and human intervention. 

Applicants' independent claims 1, 23 and 30, as amended, clearly recite the 
steps of Incrementing a counter assodated with a server to account for a security 
assault, notifving a human operator if a value of the counter exceeds a maximum limit, 
and automatically creating a new server instance with a new server configuration if the 
value of the counter does not exceed the maximum limit, wherein the new server 
conf^uration is selected from a table comprising a plurality of new server 
configurations, where the new server configuration is associated In the table with the 
value of the counter . As discussed above, Gong fails to teach or suggest any of these 
features. Accordingly, the Applicants respectfully submit that independent claims 1, 23 
and 30, as amended, are not anticipated by Gong and are patentable under 35 U.S.C. 
§102. 
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Claims 2-8, 13-17, and 24-29 depend from claims 1 and 23 and recite additional 
features therefore. As such, and at least for the same reasons set forth with respect to 
Independent claims 1 and 23, the Applicants respectfully submit that claims 2-8, 13-17, 
and 24-29 are also not anticipated by Gong and are patentable under 35 U.S.C. §102. . 
Accordingly the Applicants respectfully request that the rejection of claims 1-8, 13-17, 
and 23-30 under 35 U.S.C. §102 be withdrawn. 

II, REJECTION OF CLAIMS 9-12 AND 19-22 UNDER 35 U,S.C. S 103 
1. Claims 9-12 

The Examiner rejected claims 9-12 as being unpatentable over Gong in view of 
the Agha, et al. patent (U.S. Patent No. 6,044,461, issued on March 28, 2000, 
hereinafter referred to as "Agha"). in response, the Applicants have amended 
independent claim 1, from which claims 9-12 depend, as discussed above in order to 
more clearly recite aspects of the invention. 

As discussed above, Gong fails to disclose incrementing a counter associated 
with a server to account for a security assault, notifying a human operator if a value of 
the counter exceeds a maximum limit, and automatically creating a new server instance 
with a new sen/er configuration if the value of the counter does not exceed the 
maximum limit, wherein the new server configuration is selected from a table comprising 
a plurality of new server configurations, where the new server configuration is 
associated in the table with the value of the counter , as recited in amended independent 
claim 1. Agha fails to bridge this gap in the teachings of Gong. Accordingly, the 
Applicants respectfully submit that independent claim 1 is not made obvious by Gong in 
view of Agha and is patentable under 35 U.S.C. §103. 

Claims 9-12 depend from claim 1 and recite additional features therefore. As 
such, and at least for the same reasons set forth with respect to independent claim 1, 
the Applicants respectfully submit that claims 9-12 are also not made obvious by Gong 
in view of Agha and are patentable under 35 U.S.C. §103. Accordingly the Applicants 
respectfully request that the rejection of claims 9-12 under 35 U.S.C. §102 be 
withdrawn. 

I 
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2. Claims 19-22 

The Examiner rejected claims 19-22 as being unpatentable over Gong in view of 
the Burnett, et al. application (U.S. Patent Application Publication No. 2003/0018889, 
published on January 23, 2003, hereinafter refenred to as "Burnett*^. In response, the 
Applicants have cancelled claims 19-22 without prejudice. Accordingly, the Applicants 
respectfully submit that the rejection of claims 19-22 is moot. 

Ill- CONCLUSION 

Thus, the Applicants submit that all of the presented claims fully satisfy the 
requirements of 35 U.S.C. §102 and §103. Consequently, the Applicants believe that all 
these claims are presently in condition for allowance. Accordingly, both reconsideration 
of this application and its swift passage to issue are earnestly solicited. 

If, however, the Examiner believes that there are any unresolved issues requiring 
the maintenance of the final action in any of the claims now pending in the application, it 
is requested that the Examiner telephone Mr Kin-Wah Tong. Esq. at (732) 530-9404 so 
that appropriate an-angements can be made for resolving such issues as expeditiously 
as possible. 

Respectfully submitted, 

April 29. 2008 

Patterson & Sheridan, LLP 
595 Shrewsbury Avenue 
Shrewsbury, New Jersey 07702 




Kin-Wah Tong, Attomey 
Reg. No. 39,400 
(732) 530-9404 
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